Editors, Guests, and Friends

Richard Epstein’s office at the Hoover Institution is less than a mile from mine at Stanford Law School, and I’ve had the pleasure to hear Richard speak to the faculty on a number of occasions. Yesterday’s Just Security post, in which Richard recommended unmodified continuation of the NSA’s bulk phone records collection is a surprising divergence from what I understand Richard’s values to be.

In his Supreme Court amicus brief on behalf of Salim Ahmed Hamdan, Richard wrote of how important respect for the rule of law, separation of powers, the protection of all persons, citizens and aliens alike, and the insistence on known and settled rules to prevent arbitrary impositions of government power are. He said that executive action that lacks explicit authorization in the Constitution or laws of the United States raises grave constitutional concerns. Bulk collection of phone records fails all these principles.

Richard disregards the lack of legal authorization to argue policy. He says that bulk collection survives his rebuttable presumption against government spying on Americans. But how? The bulk phone records collection has been useless in actually combatting terrorism. This is what multiple members of the President’s surveillance review board, Senator Patrick Leahy, and the Privacy and Civil Liberties Oversight Board—people with substantial access to relevant information—have all said. New America Foundation researchers found that the phone records were used to initiate less than 1.8 percent of counterterrorism investigations over the lifetime of the program. Richard ignores the evidence.

In place of data, Richard offers a theory that government, like an individual, has a right to anticipatorily protect itself. “To say in principle that the government should be paralyzed until it has information about a specific offense before it can throw its might into the ring is to my mind a grievous error because, by that time, it could easily be too late.” Therefore, it can collect information on hundreds of millions of presumably innocent people because it theoretically could be useful—though it never actually has been—in that self-protection. Richard is reassured about bulk collection because there are rules that govern use of the collected information and writes that there were no “systematic breaches in that wall of separation” between collection and use of the phone records. Huh?

The NSA has routinely violated the few rules meant to protect Americans from misuse of the phone records database. Before the Snowden disclosures, and the declassifications that followed, we had little to go on. As my Just Security colleague Julian Sanchez pointed out in response to one of Richard’s earlier essays on this topic, finding abuse when the surveillance is hidden from the light of day is hard.

The rampant abuses uncovered by the Church Committee, recall, had in many instances gone undisclosed to the public for decades. This is for the unsurprising reason that when government officials illegally misuse information obtained in secret surveillance programs, they tend not to send out press releases about it, but rather make covert and indirect use of the information—as via targeted leaks—and conceal their actions as far as possible, which the shroud of secrecy facilitates.

Still, the proof is there. Back in June, Julian described the contemporaneous record of abuse:

[W]e must count instances explicitly characterized as “abuses” by the Justice Department Inspector General, who in a series of reports on FBI practices found “widespread and serious” misuse of call records authorities. These included systematic disregard for the required procedures for demanding records, false statements in affidavits to both telecommunications companies and the FISA Court, improper acquisition of journalists’ phone records, use of national security authorities in cases unrelated to national security, and attempts by superiors to retroactively conceal these improprieties when they were discovered internally after several years. The IG also noted a pattern of failure to report potential violations to the proper oversight board.

Today, we know from a 2009 declassified opinion by Judge Reggie Walton of the Foreign Intelligence Surveillance Court (FISC) that right from the start, the NSA disobeyed the few limitations the FISC imposed on its use of Americans’ telephone call records. The agency was only supposed to search for telephone identifiers that satisfied a reasonable articulable suspicion (or RAS) standard. Instead, as numbers rolled into the database, analysts compared the information on a daily basis with non RAS-approved numbers on an Alert List. The “Alert List” contained 17,835 numbers, of which only 1,935 met the FISC’s RAS-approved requirement. If there was a hit, then the NSA analysts would look to see if they had RAS-approval for the altering number. If they did, they would conduct contact-chaining – three hops analysis – on the Americans’ flagged number.

So, the NSA did not have an approved factual basis for 89% of the numbers they used to search the phone records data. And, the NSA’s illegal practice continued from 2006 until 2009. Only then, did the NSA inform the FISA Court about it.

Director of the NSA General Keith Alexander explained to Judge Walton that the reason the NSA violated FISC rules and kept making false reports to the FISC was because key personnel did not understand what the analysts were doing. And once those key people knew what analysts were doing, they were unaware that that information was not accurately represented in the NSA’s reports to the FISA Court.

It appears there never was a complete understanding among key personnel who reviewed the report for the SIGINT Directorate and the Office of General Counsel regarding what each individual meant by the terminology used in the report. Once this initial misunderstanding occurred, the alert list description was never corrected since neither the SIGINT Directorate nor the Office of General Counsel realized there was a misunderstanding. As a result, NSA never revisited the description of the alert list that was included in the original report to the Court. Thus, the inaccurate description was also included in the subsequent reports to the Court.

So, false reports just kept getting filed for years because, giving the NSA the full benefit of the doubt, of institutional incompetence. Indeed, as the PCLOB said, the compliance issues were “a product of the program’s technological complexity and vast scope, illustrating the risks inherent in such a program.” This is Richard’s “systemic” error, if ever there was one.

Richard is right that allowing the government to root through private information without reason poses serious threat to the personal tranquility and financial security of huge numbers of American citizens. He’s wrong if he thinks that the rules in place police this line. In fact, no rules of this nature—complicated, secret administrative regulations crafted ex parte, policed by the Executive Branch itself, without recourse to independent investigation, publicity, robust legislative oversight, or adversarial judicial process for enforcement—could ever prevent the misuse government agents are capable of committing with so much information about innocent people in hand.

We know that NSA agents used the database to stalk their spouses and ex-lovers. The agency brags about profiling individuals’—including Americans’—porn viewing, online sexual activity and more from its vast database of Internet content and transactional data as part of a plan to harm the reputations of those whom the agency believes are radicalizing others through speeches promoting disfavored—but not necessarily violent—political views. Sooner or later, we will learn of more abuses, and if these programs continue, more will occur.

Richard says that the U.S. is not like China or the Soviet Union, and we do not live in a totalitarian state. I agree with him…so far. We do not live in terror that an average American—including employees of well-respected law schools with disparate but mainstream political views—will be regularly singled out for arbitrary government retribution. But law-abiding people are watched, policed, and punished in the name of “prevention.” U.S. counterterrorism “fusion centers” have improperly created homeland information reports on a Muslim-American community group’s suggested reading list and on a leaflet prepared by a chapter of the Mongols Motorcycle Club, a California-based biker gang. These fusion centers have also recommended spying on anti-war and peace activists and anarchists in Washington State. Tea Party groups were singled out for extra attention from Internal Revenue Service auditors. As David Rittgers of the Cato Institute has noted, Department of Homeland Security reports have labeled broad swaths of the American public as a threat to national security:

It surprises me that Richard trusts President Obama and his appointees so much. But it surprises me more that he is comfortable with the Presidents and appointees of the future. History shows that J. Edgar Hoovers and LBJs come ‘round periodically. When they do, we need more than secret rules to blunt their exercise of power. Many forces shape our destiny: history, economics, political power, and social systems. We know that power corrupts and that good people will do bad things when a system is poorly designed. This is exactly why government power, especially over those things most core to political change and personal freedom, must be strictly limited.

Today, American intelligence agencies are forging the tools of totalitarianism. I think Epstein would agree that we, the People, do not have to wait in paralysis for totalitarianism before we push back.

What to read next

On March 10, 2015, represented by the ACLU, the Wikimedia Foundation and eight co-plaintiffs filed suit against the NSA, the Justice Department, and others, over the mass search and seizure of internet communications using “upstream” surveillance.… continue »

Before the start of business, Just Security provides a curated summary of up-to-the-minute developments at home and abroad. Here’s today’s news.

YEMEN

A Saudi-led airstrike hit a camp for displaced persons. At least 40 civilians were killed and about 200 wounded when the strike hit the camp in the country’s northern Hajjah province yesterday afternoon.… continue »